Skip to content

Feature/sns validator #27

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 5 commits into from
Jul 27, 2017
Merged

Feature/sns validator #27

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
1706f63
WIP commit
jeskew Jun 21, 2017
515926b
Add tests for getCertificate
jeskew Jun 23, 2017
ce17ce4
Wire up certificate fetching and signature verification and round out…
jeskew Jun 23, 2017
b0d07d5
Remove `null` Subject fields in the convertLambdaNotification function
jeskew Jun 24, 2017
330bc3f
Improve formatting and fix typos
jeskew Jul 27, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions packages/sns-message-validator/.gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
*.js
*.js.map
*.d.ts
57 changes: 57 additions & 0 deletions packages/sns-message-validator/__fixtures__/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,57 @@
import {LambdaNotificationMessage} from "../lib/convertLambdaNotification";
import {
NotificationMessage,
SubscriptionConfirmationMessage,
UnsubscribeConfirmationMessage
} from "../lib/Message";

export const HTTP_NOTIFICATION: NotificationMessage = {
Type: "Notification",
MessageId: "9438aee6-d476-5e20-ba25-ff24bf09d6ce",
TopicArn: "arn:aws:sns:us-west-2:604091128280:testing1",
Subject: "A subject",
Message: "A message",
Timestamp: "2017-06-20T00:15:59.380Z",
SignatureVersion: "1",
Signature: "WT7qMHW+jPdj/brSAX7M1jbP5OoPjn9pYmGQqrWeQgbMyVvz3D2sV72ldhCxQLqj/3TLtcTyErVqzT3AfQ8Vk55Rzxd1xnBufJ+0vIyH98b82pKOqRHOqlB72la5nY9/GF/p71BXmIChQpfv/CEZumexgLWnweJsqSMe82I6/eMmrhVZdKpBvz4Sqj+wNQW+0eYEc9bdZmEKuYIvrvTGm1MWkXmqUGuCGj5o3vFFn1GTtM895B3MyMgaSeDHI08CVfs9y1nLcrxwMvqpkHZmIwTi1jzSipYMRD8FVF6Wvq0Scy+FoYSnOWHpEsELI0SGddSqYgli9ROYiqi3DQhvHw==",
SigningCertURL: "https://sns.us-west-2.amazonaws.com/SimpleNotificationService-b95095beb82e8f6a046b3aafc7f4149a.pem",
UnsubscribeURL: "https://sns.us-west-2.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:us-west-2:604091128280:testing1:b061e4fd-c468-458d-9736-91c8c0c18e29",
};

export const LAMBDA_NOTIFICATION: LambdaNotificationMessage = {
Type: 'Notification',
MessageId: '9438aee6-d476-5e20-ba25-ff24bf09d6ce',
TopicArn: 'arn:aws:sns:us-west-2:604091128280:testing1',
Subject: 'A subject',
Message: 'A message',
Timestamp: '2017-06-20T00:15:59.380Z',
SignatureVersion: '1',
Signature: 'WT7qMHW+jPdj/brSAX7M1jbP5OoPjn9pYmGQqrWeQgbMyVvz3D2sV72ldhCxQLqj/3TLtcTyErVqzT3AfQ8Vk55Rzxd1xnBufJ+0vIyH98b82pKOqRHOqlB72la5nY9/GF/p71BXmIChQpfv/CEZumexgLWnweJsqSMe82I6/eMmrhVZdKpBvz4Sqj+wNQW+0eYEc9bdZmEKuYIvrvTGm1MWkXmqUGuCGj5o3vFFn1GTtM895B3MyMgaSeDHI08CVfs9y1nLcrxwMvqpkHZmIwTi1jzSipYMRD8FVF6Wvq0Scy+FoYSnOWHpEsELI0SGddSqYgli9ROYiqi3DQhvHw==',
SigningCertUrl: 'https://sns.us-west-2.amazonaws.com/SimpleNotificationService-b95095beb82e8f6a046b3aafc7f4149a.pem',
UnsubscribeUrl: 'https://sns.us-west-2.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:us-west-2:604091128280:testing1:7118d01a-202e-4a65-a372-f46b0994bdae',
};

export const HTTP_NOTIFICATION_NO_SUBJECT: NotificationMessage = {
Type: "Notification",
MessageId: "7317aaf2-e97a-5cf3-8123-fb3a48fabd2a",
TopicArn: "arn:aws:sns:us-west-2:604091128280:testing1",
Message: "A subject-less message",
Timestamp: "2017-06-24T17:20:00.581Z",
SignatureVersion: "1",
Signature: "Lvtgxo8P2C3XUKT8fC7sfMRhxoK6dn/ed9B1DClmJ9GNuFF73G27lhKUsKWrLReawa+v7C1UY49qQb+lSMsBiTV0Hx7L2OKJjzll4fx+G09h2P8OK43Jk6/W05+xU0uvch6Ktp3XrBcI6KNyGFio5GAR2rCBHjdh8MsEYAWRtaVCBqJTLqnHscivOJD8u/m807wDbDhh9cQ5WnvjerUjtrDAfQJN5vHLjEPbL1owtu2FzC3rOHUL9j4TGOdZi2jhUYv8jwzNnJ05bhbtKd6HxKcTcv1JCp/4NLPa8LWYnbLRvWooDQdF2hr56EF6EKDzTtAWagoNYztwSvosQXNK+Q==",
SigningCertURL: "https://sns.us-west-2.amazonaws.com/SimpleNotificationService-b95095beb82e8f6a046b3aafc7f4149a.pem",
UnsubscribeURL: "https://sns.us-west-2.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:us-west-2:604091128280:testing1:f0dd49ac-c33d-471e-812d-1f0e5116c711",
};

export const LAMBDA_NOTIFICATION_NO_SUBJECT: LambdaNotificationMessage = {
Type: 'Notification',
MessageId: '7317aaf2-e97a-5cf3-8123-fb3a48fabd2a',
TopicArn: 'arn:aws:sns:us-west-2:604091128280:testing1',
Subject: null,
Message: 'A subject-less message',
Timestamp: '2017-06-24T17:20:00.581Z',
SignatureVersion: '1',
Signature: 'Lvtgxo8P2C3XUKT8fC7sfMRhxoK6dn/ed9B1DClmJ9GNuFF73G27lhKUsKWrLReawa+v7C1UY49qQb+lSMsBiTV0Hx7L2OKJjzll4fx+G09h2P8OK43Jk6/W05+xU0uvch6Ktp3XrBcI6KNyGFio5GAR2rCBHjdh8MsEYAWRtaVCBqJTLqnHscivOJD8u/m807wDbDhh9cQ5WnvjerUjtrDAfQJN5vHLjEPbL1owtu2FzC3rOHUL9j4TGOdZi2jhUYv8jwzNnJ05bhbtKd6HxKcTcv1JCp/4NLPa8LWYnbLRvWooDQdF2hr56EF6EKDzTtAWagoNYztwSvosQXNK+Q==',
SigningCertUrl: 'https://sns.us-west-2.amazonaws.com/SimpleNotificationService-b95095beb82e8f6a046b3aafc7f4149a.pem',
UnsubscribeUrl: 'https://sns.us-west-2.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:us-west-2:604091128280:testing1:7118d01a-202e-4a65-a372-f46b0994bdae',
};
26 changes: 26 additions & 0 deletions packages/sns-message-validator/__fixtures__/test-server-cert.pem
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
-----BEGIN CERTIFICATE-----
MIIEWjCCAkICCQDK848c0wG7ajANBgkqhkiG9w0BAQsFADBvMQswCQYDVQQGEwJV
UzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTElMCMGA1UE
CgwcTWVzc2FnZSBWYWxpZGF0b3IgVW5pdCBUZXN0czESMBAGA1UEAwwJbG9jYWxo
b3N0MB4XDTE3MDYyMzAxMTQzOFoXDTIzMDEzMTAxMTQzOFowbzELMAkGA1UEBhMC
VVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxJTAjBgNV
BAoMHE1lc3NhZ2UgVmFsaWRhdG9yIFVuaXQgVGVzdHMxEjAQBgNVBAMMCWxvY2Fs
aG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANknobw2ZghFY9yE
Ork5dSlW2giIk2Sb/0GajCXNc1ajVkn1R5e5WNLYWALFRyHmtvWFj6Rut9pQ4WOk
OKYsaWvNlB89CuvKDOZAF02BiTJuXsb5+jHIhg2uuEKS/bEZG27FFZZMLAIeMpdN
Ro+02gKH1DXp6xa3nHkwR00b+0traTwyvvJQsaKHmEHClKwom1i8A60l2Ctm+K2I
io7uLafVX7Xufmqhgxyn+ZSPe/iYgqSrh68gc/OkPuaakMEx72pfqK1wAZz5NWSn
6MFi/mfXmvbL7hfCwThABAQ1I2codGyq7Ax1mMeC/bYYGAIPRoUbsx0jkjzO64gw
NBs+WJECAwEAATANBgkqhkiG9w0BAQsFAAOCAgEAJkb1qMVICfH0cx+loEm8H4vp
v2gt2iinFprYbKuzsYIysc8fVrz7Fcs2mG3Co0uXzddNAzd1ZwPO5vWyU7nu8J0L
LSx2u7prAl4Jflr/kwlFt2f/ParTBgdoVSM4sI2VgL/B89fKcC3C24lEU5dPsntg
cbBhlhDtOpn0BVhEuVVXFMMmqthkrzZjRrsZZ8uwR8tbJWXh6peMPCD/86NFrWgK
givJOrWmraE6MbIo1AUEj7wTK7+viXmzKkYpAj/pJI2Duy4Xbx4t+ry2//rByc4G
rJpsHnQmN7zM+AvMClQyyg+F0BXRBr71cbrbCko59MxWwHdT7+Z7y0fc9sKhVuQO
RkJ2p4+0ll1JLE39i6Q/cGBr65MqeSx6Feo6rlQbW8qD7YLZrFHmxHKHD1kLx9h1
agfawgi2B++qHFdMe5sxZ2cSneWmFIiwTMWbdKIVmhPx+tuYh+QyQScyoFCoy3c4
WpKWjjg+wfwDgf41rfvlO0xyG1VZ1bVKSRkiQjdXZ+/4DFrNeKFDpiexSio7dgJZ
JR+wzPSFzGDlSv96gf+cKNgJA1Yw5r2Y3zGN65tFpMm4qLDR6R6ajy8IRMcCqGUq
BxAexvuxslcc0pj3e9vUWkp3Ky5u+xNQ1EiS6VMbWEcJYjNInEAlTdS+V5uiCDh3
aLzuR8HtZN016piziIU=
-----END CERTIFICATE-----
27 changes: 27 additions & 0 deletions packages/sns-message-validator/__fixtures__/test-server-key.pem
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEA2SehvDZmCEVj3IQ6uTl1KVbaCIiTZJv/QZqMJc1zVqNWSfVH
l7lY0thYAsVHIea29YWPpG632lDhY6Q4pixpa82UHz0K68oM5kAXTYGJMm5exvn6
MciGDa64QpL9sRkbbsUVlkwsAh4yl01Gj7TaAofUNenrFreceTBHTRv7S2tpPDK+
8lCxooeYQcKUrCibWLwDrSXYK2b4rYiKju4tp9Vfte5+aqGDHKf5lI97+JiCpKuH
ryBz86Q+5pqQwTHval+orXABnPk1ZKfowWL+Z9ea9svuF8LBOEAEBDUjZyh0bKrs
DHWYx4L9thgYAg9GhRuzHSOSPM7riDA0Gz5YkQIDAQABAoIBAQDPmUjQgvzmOVgv
j6YIP3rXa3WDpPWrwEq1sAb9eL0j/YDXsYqg7QuSfksdUvYe3c7ZR7c8DrDrIFlp
Ba02h8y8x8ssVhIjuoS8dlcQvJ6pvMQU2xQqFba6S+dRle68KPGF4xoxFl8YI0Bg
Tvr/FXk55Bqm9BrQG/aWEOaJPA/wV1tq4d/Sv+pLJozM7ejzl0/QRV1p2dnvKwvO
kO48G/Y+k8DXnwIR5qcGhAZP7wxb2cvzWEQwuBDNKedCNAInjjakXJt4bH+vYAE6
RXlzZnQC2LRMKomlCIcaJeINlhlCX/HJPYQrz8Zav6WTAYvolHqW9HRBqp0mG7iZ
O6NmLvOVAoGBAO6CHnsHKUo2rlf5E68u8HlbxPJcToOt+APLymvJOcjGnrgLKo01
KqMMyUVVXyGfpYcN2Bxvk92BTQ71xt4FzqaNn+Ag/NRtHi/ecYnPrH3X+Dd0WRd/
VFX4cGdqd0JXNOMLhKPsk+qO9h9lAoBiDMM2B6pyN4P8mLs3VXU1QrG/AoGBAOkU
nIWzWTMqShkv6CmE2dBkeZaDq3vsgdvGYkaluhJ4nKoMM2GCPtcVmSpKna5GNcsx
rAkxSbnz+WEUGJ+XQxP2bsZsfUbSsBqYOYSqqGVJaBsIXR4s+iB27l/XAKDuPsYr
eYH7HbDf6afxEz5Bbf2E8ZvEZQ0M+UrPRB75IOmvAoGBAL5G2IJWCD7IuPY+I9IS
pI5tBAZGVez/kWmV33t2Ib9nlaBGaEAXNli2Dqxdm3N7pdbE2LB244RHb26L7Yeb
Im4FdpKcPphKJVcTI4lKQNZ0wfWbwKfaUTH07dfTPCmU4QBxY/RS/P6X5wrMzt4V
WxExvZPhYyDNGBvj3S2QvBCJAoGBAIZmKjM2TbMhKYUIiNiYEHkH1syhtBpLMD4o
ULboDTllbwDm9CG/1rhzbdRjHjVFqvM1+zt5vkeJlT0TN3ee40D5krq8CCj0iDNt
n40OUvfEslEUK42g5cIekimVcnlZp7zhiLkYsfAxzSvX6P62/9N1+1OUlahG2OD4
TxGFGiNlAoGAE6S7R3GJyBUrgEd7ViOFGYkArmZnYgEvGgZ8IuS17BXFZdENdzjz
b78WsPgxyRSMttKnmcDEErdtfVNyS2tFNSfTRpHHFxM8x2Ot/mw0krUSpXzMGc1s
i6TltbVl1gSrhE1P8Kpuw4farJaP8M6P5UMU/HpPCO38EmnvKvxdTgA=
-----END RSA PRIVATE KEY-----
149 changes: 149 additions & 0 deletions packages/sns-message-validator/__tests__/Message.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,149 @@
import {
BaseMessage,
isMessage,
NotificationMessage,
SubscriptionConfirmationMessage,
UnsubscribeConfirmationMessage,
} from "../lib/Message";

const validNotification: NotificationMessage = {
Type: "Notification",
MessageId: "da41e39f-ea4d-435a-b922-c6aae3915ebe",
TopicArn: "arn:aws:sns:us-west-2:123456789012:MyTopic",
Subject: "test",
Message: "test message",
Timestamp: "2012-04-25T21:49:25.719Z",
SignatureVersion: "1",
Signature: "EXAMPLElDMXvB8r9R83tGoNn0ecwd5UjllzsvSvbItzfaMpN2nk5HVSw7XnOn/49IkxDKz8YrlH2qJXj2iZB0Zo2O71c4qQk1fMUDi3LGpij7RCW7AW9vYYsSqIKRnFS94ilu7NFhUzLiieYr4BKHpdTmdD6c0esKEYBpabxDSc=",
SigningCertURL: "https://sns.us-west-2.amazonaws.com/SimpleNotificationService-f3ecfb7224c7233fe7bb5f59f96de52f.pem",
UnsubscribeURL: "https://sns.us-west-2.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:us-west-2:123456789012:MyTopic:2bcfbf39-05c3-41de-beaa-fcfcc21c8f55"
};

const validSubscriptionConfirmation: SubscriptionConfirmationMessage = {
Type: "SubscriptionConfirmation",
MessageId: "165545c9-2a5c-472c-8df2-7ff2be2b3b1b",
Token: "2336412f37fb687f5d51e6e241d09c805a5a57b30d712f794cc5f6a988666d92768dd60a747ba6f3beb71854e285d6ad02428b09ceece29417f1f02d609c582afbacc99c583a916b9981dd2728f4ae6fdb82efd087cc3b7849e05798d2d2785c03b0879594eeac82c01f235d0e717736",
TopicArn: "arn:aws:sns:us-west-2:123456789012:MyTopic",
Message: "You have chosen to subscribe to the topic arn:aws:sns:us-west-2:123456789012:MyTopic.\nTo confirm the subscription, visit the SubscribeURL included in this message.",
SubscribeURL: "https://sns.us-west-2.amazonaws.com/?Action=ConfirmSubscription&TopicArn=arn:aws:sns:us-west-2:123456789012:MyTopic&Token=2336412f37fb687f5d51e6e241d09c805a5a57b30d712f794cc5f6a988666d92768dd60a747ba6f3beb71854e285d6ad02428b09ceece29417f1f02d609c582afbacc99c583a916b9981dd2728f4ae6fdb82efd087cc3b7849e05798d2d2785c03b0879594eeac82c01f235d0e717736",
Timestamp: "2012-04-26T20:45:04.751Z",
SignatureVersion: "1",
Signature: "EXAMPLEpH+DcEwjAPg8O9mY8dReBSwksfg2S7WKQcikcNKWLQjwu6A4VbeS0QHVCkhRS7fUQvi2egU3N858fiTDN6bkkOxYDVrY0Ad8L10Hs3zH81mtnPk5uvvolIC1CXGu43obcgFxeL3khZl8IKvO61GWB6jI9b5+gLPoBc1Q=",
SigningCertURL: "https://sns.us-west-2.amazonaws.com/SimpleNotificationService-f3ecfb7224c7233fe7bb5f59f96de52f.pem"
};

const validUnsubscribeConfirmation: UnsubscribeConfirmationMessage = {
Type: "UnsubscribeConfirmation",
MessageId: "165545c9-2a5c-472c-8df2-7ff2be2b3b1b",
Token: "2336412f37fb687f5d51e6e241d09c805a5a57b30d712f794cc5f6a988666d92768dd60a747ba6f3beb71854e285d6ad02428b09ceece29417f1f02d609c582afbacc99c583a916b9981dd2728f4ae6fdb82efd087cc3b7849e05798d2d2785c03b0879594eeac82c01f235d0e717736",
TopicArn: "arn:aws:sns:us-west-2:123456789012:MyTopic",
Message: "You have chosen to deactivate subscription arn:aws:sns:us-east-1:123456789012:MyTopic:2bcfbf39-05c3-41de-beaa-fcfcc21c8f55.\nTo cancel this operation and restore the subscription, visit the SubscribeURL included in this message.",
SubscribeURL: "https://sns.us-west-2.amazonaws.com/?Action=ConfirmSubscription&TopicArn=arn:aws:sns:us-west-2:123456789012:MyTopic&Token=2336412f37fb687f5d51e6e241d09c805a5a57b30d712f794cc5f6a988666d92768dd60a747ba6f3beb71854e285d6ad02428b09ceece29417f1f02d609c582afbacc99c583a916b9981dd2728f4ae6fdb82efd087cc3b7849e05798d2d2785c03b0879594eeac82c01f235d0e717736",
Timestamp: "2012-04-26T20:45:04.751Z",
SignatureVersion: "1",
Signature: "EXAMPLEpH+DcEwjAPg8O9mY8dReBSwksfg2S7WKQcikcNKWLQjwu6A4VbeS0QHVCkhRS7fUQvi2egU3N858fiTDN6bkkOxYDVrY0Ad8L10Hs3zH81mtnPk5uvvolIC1CXGu43obcgFxeL3khZl8IKvO61GWB6jI9b5+gLPoBc1Q=",
SigningCertURL: "https://sns.us-west-2.amazonaws.com/SimpleNotificationService-f3ecfb7224c7233fe7bb5f59f96de52f.pem"
};

describe('isMessage', () => {
it('should reject scalar values', () => {
for (let scalar of ['string', 20, null, void 0, true]) {
expect(isMessage(scalar)).toBe(false);
}
});

for (let requiredField of ['Type', 'Message', 'MessageId', 'Signature', 'SigningCertURL', 'Timestamp', 'TopicArn']) {
it(`should reject messages where ${requiredField} is not defined`, () => {
expect(isMessage({...validNotification, [requiredField]: void 0}))
.toBe(false);
});
}

it(
'should reject messages whose Type is not Notification, SubscriptionConfirmation, or UnsubscribeConfirmation',
() => {
expect(isMessage({...validNotification, Type: 'foo'})).toBe(false);
}
);

it('should reject messages whose SignatureVersion is not a string', () => {
expect(isMessage({...validNotification, SignatureVersion: 1}))
.toBe(false);
});

describe('notification messages', () => {
it('should accept valid notification messages', () => {
expect(isMessage(validNotification)).toBe(true);
});

it('should accept notification messages with no subject', () => {
expect(isMessage({...validNotification, Subject: void 0}))
.toBe(true);
});

it(
'should reject notification messages whose subject is neither a string nor undefined',
() => {
expect(isMessage({...validNotification, Subject: 10}))
.toBe(false);
}
);

it('should reject notification messages without an UnsubscribeURL', () => {
expect(isMessage({...validNotification, UnsubscribeURL: void 0}))
.toBe(false);
});
});

describe('subscription confirmation messages', () => {
it('should accept a valid subscription confirmation message', () => {
expect(isMessage(validSubscriptionConfirmation)).toBe(true);
});

it(
'should reject subscription confirmation messages without a SubscribeURL',
() => {
expect(isMessage({
...validSubscriptionConfirmation,
SubscribeURL: void 0
})).toBe(false);
}
);

it(
'should reject subscription confirmation messages without a Token',
() => {
expect(isMessage({
...validSubscriptionConfirmation,
Token: void 0
})).toBe(false);
}
);
});

describe('unsubscribe confirmation messages', () => {
it('should accept a valid subscription confirmation message', () => {
expect(isMessage(validUnsubscribeConfirmation)).toBe(true);
});

it(
'should reject subscription confirmation messages without a SubscribeURL',
() => {
expect(isMessage({
...validUnsubscribeConfirmation,
SubscribeURL: void 0
})).toBe(false);
}
);

it(
'should reject subscription confirmation messages without a Token',
() => {
expect(isMessage({
...validUnsubscribeConfirmation,
Token: void 0
})).toBe(false);
}
);
});
});
Loading